Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

also oinserver...

Started by cidflame , Oct 24 2006 01:23 PM

  • Please log in to reply

#1
cidflame
Posted 24 October 2006 - 01:23 PM

cidflame

    New Member

  • Member
  • Pip
  • 4 posts
I have looked for the stuff to delete on my computer. Thought I had it, but didn't. Here is my log thing.
Logfile of HijackThis v1.99.1
Scan saved at 3:21:07 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\??stem32\?hkntfs.exe
C:\WINDOWS\YnVybnM\command.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PPATCH~1\lsass.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\burns\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [rmkr] C:\Program Files\Common Files\rmkr\rmkrm.exe
O4 - HKCU\..\Run: [Reas] "C:\PROGRA~1\PPATCH~1\lsass.exe" -vt ndrv
O4 - HKCU\..\Run: [Seadjctt] C:\WINDOWS\??stem32\?hkntfs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnVybnM\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Thank you for taking the time to help me.
  • 0

Advertisements

#2
Flrman1
Posted 24 October 2006 - 06:20 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi cidflame

Welcome to GTG! :whistling:

Before we prodeed, please do the following:

* Open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log, the Uninstall list and the results from ActiveScan

Edited by Flrman1, 24 October 2006 - 06:20 PM.

  • 0

#3
cidflame
Posted 24 October 2006 - 08:58 PM

cidflame

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is my save list

Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.7
Adobe Shockwave Player
AstroPop Deluxe 1.0
BookWorm Deluxe 1.02
Camera Driver
Command
HijackThis 1.99.1
ICQ 5.1
iPod for Windows 2005-03-23
IpWins
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
JD Secure 3.1
Macromedia Flash Player 8
Magic Vines
MediaTickets by OIN
Microsoft Office Professional Edition 2003
Nero Media Player
Nero OEM
NeroVision Express 2 SE
Network Monitor
PC-cillin 2002
QuarkXPress 5.0
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
SiS Audio Driver
TSA
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

Edited by cidflame, 24 October 2006 - 09:04 PM.

  • 0

#4
cidflame
Posted 24 October 2006 - 09:46 PM

cidflame

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Active scan


Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\progra~1\ppatch~1\lsass.exe
Adware:Adware/PrintView Not disinfected c:\progra~1\printv~1\pvmodule.exe
Adware:Adware/PrintView Not disinfected C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
Adware:Adware/SearchAid Not disinfected C:\Program Files\Network Monitor\netmon.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\YnVybnM\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\YnVybnM\asappsrv.dll
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/sqwire Not disinfected c:\windows\system32\tsuninst.exe
Adware:adware/purityscan Not disinfected c:\windows\system32\wnscpcc.exe
Potentially unwanted tool:application/regclean32 Not disinfected c:\program files\Registry Cleaner Trial
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:Adware/CommAd Not disinfected C:\WINDOWS\YnVybnM\sBpVvBg.vbs
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rmkr\rmkrd\rmkrc.dll
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\printhook030.dll
Adware:Adware/PrintView Not disinfected C:\Program Files\PrintView\pvmodule.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\??pPatch\lsass.exe
Adware:Adware/Maxifiles Not disinfected C:\RECYCLED\Dc668\Uninst.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/PurityScan Not disinfected C:\RECYCLED\Dc672\cmd.exe
Adware:Adware/Mytoolbar Not disinfected C:\RECYCLED\Dc673\Update.exe
Adware:Adware/Mytoolbar Not disinfected C:\RECYCLED\Dc673\services.dll
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b103.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/PrintView Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b124.exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\cmdinst.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b116.exe
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@entrepreneur[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@realmedia[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@tradedoubler[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@doubleclick[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@casalemedia[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@mediaplex[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@2o7[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@fastclick[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@overture[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@burstnet[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@adrevolver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@zedo[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@atdmt[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@maxserving[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@atwola[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@tribalfusion[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@com[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@bluestreak[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@hitbox[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@advertising[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@errorsafe[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@247realmedia[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@qksrv[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@adrevolver[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@targetnet[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@valueclick[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@apmebf[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@fortunecity[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@trafficmp[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@questionmarket[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@statcounter[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\Cookies\burns@linksynergy[2].txt
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b122.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\!update.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\isinst.exe
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\burns\Local Settings\Temp\b111.exe
Possible Virus. Not disinfected C:\Documents and Settings\burns\My Documents\backups\backup-20061024-145558-233.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\burns\Cookies\burns@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\burns\Cookies\burns@belnk[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\burns\Cookies\burns@tribalfusion[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\burns\Cookies\burns@offeroptimizer[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\burns\Cookies\burns@hitbox[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\burns\Cookies\burns@bfast[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\burns\Cookies\burns@revenue[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\burns\Cookies\burns@adtech[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\burns\Cookies\burns@adviva[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\burns\Cookies\burns@mediaplex[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\burns\Cookies\burns@overture[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\burns\Cookies\burns@bluestreak[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\burns\Cookies\burns@burstnet[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\burns\Cookies\burns@fortunecity[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\burns\Cookies\burns@qksrv[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\burns\Cookies\burns@2o7[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\burns\Cookies\burns@tradedoubler[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\burns\Cookies\burns@cgi-bin[10].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\burns\Cookies\burns@targetnet[1].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\burns\Cookies\burns@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\burns\Cookies\burns@cgi-bin[9].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\burns\Cookies\burns@banner[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\burns\Cookies\burns@did-it[1].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\burns\Cookies\burns@7search[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\burns\Cookies\burns@hotlog[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\burns\Cookies\burns@apmebf[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\burns\Cookies\burns@cdfreaks[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\burns\Cookies\burns@realmedia[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\burns\Cookies\burns@advertising[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\burns\Cookies\burns@seeq[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\burns\Cookies\burns@azjmp[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\burns\Cookies\burns@casalemedia[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\burns\Cookies\burns@247realmedia[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\burns\Cookies\burns@fastclick[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\burns\Cookies\burns@go[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\burns\Cookies\burns@com[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\burns\Cookies\burns@atwola[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\burns\Cookies\burns@drivecleaner[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\burns\Cookies\burns@statcounter[2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\burns\Cookies\burns@trafficmp[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\burns\Cookies\burns@valueclick[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\burns\Cookies\burns@maxserving[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\burns\Cookies\burns@yadro[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\burns\Cookies\[email protected][2].txt

And Uninstall List

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7BDB9536-7AF3-240F-D7CA-22A7785BE2BA} - C:\WINDOWS\system32\wbrwg.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\.

Edited by cidflame, 24 October 2006 - 09:52 PM.

  • 0

#5
Flrman1
Posted 25 October 2006 - 04:55 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* I am attaching a CmdService and NetworkMonitor.zip file to this post. Download it and save it to your desktop. Unzip it to extract the CmdService and NetworkMonitor.reg file it contains.


* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Go to Add/Remove programs and uninstall these:

IpWins
J2SE Runtime Environment 5.0 Update 6
MediaTickets by OIN
Network Monitor
TSA


* Click here to download OiUninstaller.exe and save it to your desktop.

Click on the OiUninstaller.exe then follow the prompts from there.


* Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this service:

Command Service

Rightclick it and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.

Next in the Services window find this service:

Network Monitor

Rightclick it and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.

Exit the Services utility.



* Run Hijack This again and put a check by any of these that are still there. Close ALL windows except HijackThis and click "Fix checked"

O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL

O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

O4 - HKCU\..\Run: [rmkr] C:\Program Files\Common Files\rmkr\rmkrm.exe

O4 - HKCU\..\Run: [Reas] "C:\PROGRA~1\PPATCH~1\lsass.exe" -vt ndrv

O4 - HKCU\..\Run: [Seadjctt] C:\WINDOWS\??stem32\?hkntfs.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnVybnM\command.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\PrintView

    C:\Program Files\Network Monitor

    C:\WINDOWS\YnVybnM

    c:\windows\system32\atmtd.dll

    c:\windows\system32\tsuninst.exe

    c:\windows\system32\wnscpcc.exe

    c:\program files\Registry Cleaner Trial

    C:\WINDOWS\uninstall_nmon.vbs

    C:\Program Files\Common Files\rmkr

    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe

    C:\Program Files\PPatch

    C:\RECYCLED\Dc668\Uninst.exe

    C:\RECYCLED\Dc672\cmd.exe

    C:\RECYCLED\Dc673\Update.exe

    C:\RECYCLED\Dc673\services.dll

  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Doubleclick on the CmdService and NetworkMonitor.reg file to add it to the registry. Answer yes to confirm the merge.

* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]* Restart back into Windows normally now.


* Now go here and install the latest version of Java.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

Attached Files


Edited by Flrman1, 25 October 2006 - 04:56 PM.

  • 0

#6
cidflame
Posted 26 October 2006 - 08:30 PM

cidflame

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ok, here is the hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 10:28:49 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\burns\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

And here is the BitDefender one.

BitDefender Online Scanner



Scan report generated at: Thu, Oct 26, 2006 - 22:26:34





Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;







Statistics

Time
01:14:39

Files
330507

Folders
3529

Boot Sectors
2

Archives
1696

Packed Files
37445




Results

Identified Viruses
12

Infected Files
17

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
22




Engines Info

Virus Definitions
479042

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\17B9.tmp=>(Quarantine-4)
Infected with: Trojan.Dialer.PL

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\17B9.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\17B9.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\10.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Tsupdate.N

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\10.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\10.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\11.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.TSUpdate.P

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\11.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\12.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.TSUpdate.L

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\12.tmp=>(Quarantine-4)
Deleted

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\13.tmp=>(Quarantine-4)
Infected with: Trojan.Downloader.Tsupdate.F

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\13.tmp=>(Quarantine-4)
Disinfection failed

C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\13.tmp=>(Quarantine-4)
Deleted

C:\Documents and Settings\burns\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.PurityScan.AR

C:\Documents and Settings\burns\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\Documents and Settings\burns\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\Documents and Settings\burns\Local Settings\Temp\b116.exe=>(NSIS o)
Update failed

C:\Documents and Settings\burns\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
Infected with: Trojan.Downloader.Tsupdate.N

C:\Documents and Settings\burns\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
Disinfection failed

C:\Documents and Settings\burns\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
Deleted

C:\Documents and Settings\burns\Local Settings\Temp\!update.exe
Infected with: Trojan.Downloader.PurityScan.BP

C:\Documents and Settings\burns\Local Settings\Temp\!update.exe
Disinfection failed

C:\Documents and Settings\burns\Local Settings\Temp\!update.exe
Deleted

C:\Documents and Settings\burns\Local Settings\Temp\isinst.exe
Infected with: Trojan.Downloader.IstBar.PE

C:\Documents and Settings\burns\Local Settings\Temp\isinst.exe
Disinfection failed

C:\Documents and Settings\burns\Local Settings\Temp\isinst.exe
Deleted

C:\Documents and Settings\burns\Local Settings\Temp\b111.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Dialer.PL

C:\Documents and Settings\burns\Local Settings\Temp\b111.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\Documents and Settings\burns\Local Settings\Temp\b111.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\Documents and Settings\burns\Local Settings\Temp\b111.exe=>(NSIS o)
Update failed

C:\Documents and Settings\burns\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Purityad.BP

C:\Documents and Settings\burns\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed

C:\Documents and Settings\burns\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\Documents and Settings\burns\Desktop\OiUninstaller.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016184.exe
Infected with: Trojan.Dropper.AY

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016184.exe
Disinfection failed

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016184.exe
Deleted

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016189.exe
Infected with: Trojan.Downloader.PurityScan.BP

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016189.exe
Disinfection failed

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016189.exe
Deleted

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016196.exe
Infected with: Trojan.Dnschange.F

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016196.exe
Disinfection failed

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016196.exe
Deleted

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016206.exe
Infected with: Trojan.Clspring.BU

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016206.exe
Disinfection failed

C:\System Volume Information\_restore{38D29AE2-F416-4466-9ABA-16038D9DE7B7}\RP380\A0016206.exe
Deleted

C:\!KillBox\Network Monitor\netmon.exe
Infected with: Trojan.Dnschange.F

C:\!KillBox\Network Monitor\netmon.exe
Disinfection failed

C:\!KillBox\Network Monitor\netmon.exe
Deleted

C:\!KillBox\cmd.exe
Infected with: Trojan.Clspring.BU

C:\!KillBox\cmd.exe
Disinfection failed

C:\!KillBox\cmd.exe
Deleted
  • 0

#7
Flrman1
Posted 26 October 2006 - 08:38 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
The Hijack This log looks good now. How is the pc behaving?

Let's run one more scan and see what it turns up:

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan

Also give me a report on how the computer is running now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP